- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Tue, 13 Jun 2006 23:16:51 +0200
- To: "Robert Sayre" <sayrer@gmail.com>
- Cc: ietf-http-wg@w3.org
* Robert Sayre wrote: >FWIW, Mozilla defaults text/xml to utf-8 (doesn't everyone?), but does >actually use ISO-8859-1/CP-1252 as a default if all else fails, >including sniffing. There are two ways to process text/xml content, either as described for text/xml in RFC 3023 or as described for application/xml in RFC 3023 and the XML Recommendations. Last time I checked Mozilla did neither. Great thing for anyone seeking to exploit code injection vulnerabilities. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Tuesday, 13 June 2006 21:17:03 UTC